
Installing suPHP

suPHP is a tool for executing PHP scripts with the permissions of their owners. It consists of an Apache module (mod_suphp) and a setuid root binary (suphp) that is called by the Apache module to change the uid of the process executing the PHP interpreter.

1. Install suPHP

apt-get install libapache2-mod-suphp

2. Disable the php5 Apache module

a2dismod php5

3. Restart Apache

/etc/init.d/apache2 restart

4. You can test whether suPHP is working correctly by creating a PHP file containing the following lines:

<?php
system('id');
?>

The script prints the user/group ID and name it runs as; if suPHP is working, these belong to the file's owner. Make sure you set the file owner to a user/group with an ID greater than 99.

Comment

  1. Step 1.5 – If, like everyone else I know, you’re not using Debian’s default location (/var/www/) for your webpages, you also need to edit /etc/suphp/suphp.conf and change:

    ;Path all scripts have to be in
    docroot=/var/www/

    to, if you have them somewhere in people’s home directories:

    ;Path all scripts have to be in
    docroot=/home/
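
A pre-flight check for the two conditions mentioned on this page (script located under docroot, owner ID greater than 99), as an added example that is not part of the original post, the comment, or suPHP itself. It assumes the ID threshold is held in suphp.conf's min_uid/min_gid keys; the function names and the sample tree built by make_fixture are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks a script against the docroot and minimum-ID rules before testing in Apache.
# Assumption: min_uid/min_gid in suphp.conf carry the "id greater than 99" threshold (default 100 here).
# Usage (hypothetical path): suphp_precheck /etc/suphp/suphp.conf /home/alice/public_html/test.php

conf_get() {  # conf_get FILE KEY -> value of the last uncommented "KEY=value" line
    awk -F= -v k="$2" '
        /^[ \t]*;/ { next }
        { key = $1; gsub(/[ \t]/, "", key) }
        key == k { v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v) }
        END { print v }' "$1"
}

canon_dir() {  # resolve symlinks and ".." in a directory path, so it cannot merely look like docroot
    ( [ -n "$1" ] && cd -- "$1" 2>/dev/null && pwd -P )
}

suphp_precheck() {  # suphp_precheck CONF SCRIPT [UID GID]; returns 0 only if every check passes
    docroot=$(canon_dir "$(conf_get "$1" docroot)") || { echo "FAIL: docroot unset or missing"; return 1; }
    dir=$(canon_dir "$(dirname -- "$2")") || { echo "FAIL: directory of $2 not found"; return 1; }
    min_uid=$(conf_get "$1" min_uid); min_gid=$(conf_get "$1" min_gid)
    uid=${3:-$(stat -c %u -- "$2")}; gid=${4:-$(stat -c %g -- "$2")}  # default: the file's real owner
    rc=0
    case "$dir/" in
        "${docroot%/}"/*) ;;  # trailing slash stops /home-evil from matching /home
        *) echo "FAIL: $2 is outside docroot $docroot"; rc=1 ;;
    esac
    [ "$uid" -ge "${min_uid:-100}" ] || { echo "FAIL: uid $uid below min_uid ${min_uid:-100}"; rc=1; }
    [ "$gid" -ge "${min_gid:-100}" ] || { echo "FAIL: gid $gid below min_gid ${min_gid:-100}"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $2 (uid=$uid gid=$gid)"
    return "$rc"
}

make_fixture() {  # builds a constructed suphp.conf and sample tree; prints the temp dir
    t=$(mktemp -d)
    mkdir -p "$t/home/alice/public_html" "$t/home-evil" "$t/srv"
    printf '%s\n' '[global]' ';Path all scripts have to be in' ';docroot=/var/www/' \
        "docroot=$t/home/" 'min_uid=100' 'min_gid=100' > "$t/suphp.conf"
    for d in home/alice/public_html home-evil srv; do
        printf '%s\n' '<?php' "system('id');" '?>' > "$t/$d/test.php"
    done
    echo "$t"
}
```

Without the optional UID and GID arguments the function reads the owner from the file with GNU `stat`, so it can be pointed at a real script and the real suphp.conf.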